Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://stat.counter2...

windows10-1703-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    143s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags

    arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27/03/2024, 10:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://stat.counter247.live

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://stat.counter247.live"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3432
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://stat.counter247.live
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1556
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.0.1056162377\1004047534" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c00a8175-4d5e-4d2e-9038-886ae85b1d7a} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 1812 287294e8258 gpu
        3⤵
          PID:4420
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.1.1310785684\972628641" -parentBuildID 20221007134813 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {884527d9-684f-43da-9b5c-cca4dc99eee2} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2188 28728fe7158 socket
          3⤵
            PID:4704
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.2.236491908\1762287552" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2780 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cebd5962-79c4-4f97-b7f2-ab58b01f0dee} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2808 2872d0d6e58 tab
            3⤵
              PID:4784
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.3.1624363858\803409809" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a29417d-e602-4326-8eea-cbcb01bd2b41} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 3544 2872e2a1d58 tab
              3⤵
                PID:2656
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.4.1019769546\1273860236" -childID 3 -isForBrowser -prefsHandle 4612 -prefMapHandle 4608 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c4e5e15-4b6c-4706-8f19-6e4bf6ff080f} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 4624 2872d8cd058 tab
                3⤵
                  PID:1764
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.5.746909065\381562115" -childID 4 -isForBrowser -prefsHandle 2884 -prefMapHandle 2824 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f119e542-6cf0-4983-9603-266d26943d9a} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2788 287303b0858 tab
                  3⤵
                    PID:4980
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.6.221975859\354802497" -childID 5 -isForBrowser -prefsHandle 4900 -prefMapHandle 4904 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {528241ec-1eaf-490f-bf35-1ada7c2037bf} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 4892 287303b0b58 tab
                    3⤵
                      PID:4264
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.7.2039164959\1206611082" -childID 6 -isForBrowser -prefsHandle 5108 -prefMapHandle 5104 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c659159-392e-4f2d-ab0e-29cbfbb38b86} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 4240 287303b1158 tab
                      3⤵
                        PID:2452

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\A72798DEF4F924983D5A0DB82D383C613B515FF2
                    Filesize

                    13KB

                    MD5

                    ae9802b2f7ed2e2bd58e864bfc67361d

                    SHA1

                    2c30c5ab591eb8b8db5c7c79c385e239b3581934

                    SHA256

                    6b98d40870d9bb027233ae89dfe6aa79bc74bd4a406c130b719dc6c42aeaa270

                    SHA512

                    594804730f294bc2e1ea87a63bdfd37011d04fd35d2a3b8a68a6c9d554619e6ffc0e5c2a71dcb5aadaf0fb3bfff35acc950f111652648236dc701c446e68a423

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
                    Filesize

                    9KB

                    MD5

                    5d736ec91b6b71e10d6c19d08f9c5231

                    SHA1

                    ac3764a3a0b496f22ac32e4c82e2124ac0a3d532

                    SHA256

                    0b56849107bda6f032a0caafef4b778b7a0048cc15e6908ecd7021442b987b0a

                    SHA512

                    9f18c64ae30af0f12669e94a0931769b08a830a4adbf0a2abcdcd85e6d510179f292d7b4e67d1aaddc228d4ce1f58c1439fafaaedab95448e8a3dcfa9dbbbd75

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    3.2MB

                    MD5

                    760a22da25eb5a78d5f92b78edd155fe

                    SHA1

                    87454681c220848ed3d5844e9378052b5c92db27

                    SHA256

                    2e993caef0b0d76653f38da5c8684ec1e209c6122f319874af668b4945239f19

                    SHA512

                    02514694467e8c2f71b7a4977528923159a6c10eddd8eee26d9b17eb92be920eb019e602e70b6b7d6428302749865b640e437d165a051f9fc30cc0535c3817fa

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    7bc9d0b910b23267a0645ae46b092da3

                    SHA1

                    6e0666f045bb2b6c25b9188f2f80a7327e67d034

                    SHA256

                    ae9b3d4562ee69fdc357d220050a5dca9f025ae06f84bee8d3d9bb76ed8245b0

                    SHA512

                    ff7e6386cda72ad9a3924ce5d6670676db775927eb6f7cbf2a904b51f149b2cda0c2b50ad53e7bbe5e909765d2160b4971d3c30659c13115f5b0c9c7a23e7f79

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\pending_pings\2b6e48a8-d236-4dae-8af2-c382d3a22b86
                    Filesize

                    746B

                    MD5

                    b71c43c3ab1f6092fc95f62593406373

                    SHA1

                    56bc108c9dae0551c18155fdda4f48bc8ad8fe70

                    SHA256

                    ed99382bac3baefdc57634cfc03e15e247431f1cffdace27b86a7704f19b69f3

                    SHA512

                    3ecca5311f68f800b539aee2dbc8c0054e283ac3f67da49e9b32a0278aa35fba9402ad87e09c72854d4e1b8bfdfe9e408d8acd5f3ee0a6c83d812c88de013a0f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\pending_pings\e1ab9507-711e-4722-a0d8-790ae383b797
                    Filesize

                    10KB

                    MD5

                    72ec934ec595b8eb7ea05295aad1238c

                    SHA1

                    1e70388808b53aac05ba802fc1f2803c2d6eef47

                    SHA256

                    418d0f78381c0825b57272c3c314a55e194922b0ca5ddedc184c1436e2b7e17b

                    SHA512

                    9872fb3dde791ee5a618f7bed884e2dfe624827c6b0ba870d009c875158d1c1bf6d9c4b49bb12a4992d7fa0598af413bd019bd4d6a8285a73a995559399b5906

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    3.4MB

                    MD5

                    d5a4b7c82f1c445f4fc66489ac60983f

                    SHA1

                    a56e38bc7a6be20c28644cab7bb64bbe555369df

                    SHA256

                    7c1fd03d0084d9c6002fe6b3a3f3240a1715314f2dc6e572ade01c01195eaa73

                    SHA512

                    9fb1fadedb4b3057066756603de559cf3b7d2a6a77bf71e6ad61aae15555a5c3be3cdf178f717e7b08ee7b12eb4992638da1111ed0f6b1b217c535562aafed64

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    9cb7fdc0911222737e6469a673e326bb

                    SHA1

                    2737ec125fd0848ba46bda78f031cf182e1d5409

                    SHA256

                    b5db693036628c9bd5ed83a627cd134db896ad09a1f088c5078189b7819aa833

                    SHA512

                    6d36fc9762563c2ba90aeb0d01e201a2b1e3437cf476e10d7f554766265d329980710589f207b4b261df2f2cd38dc52a6f2ff55bd7f47be9ca03ef686ca1bb25

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    24011ccbbba903616a297fb91b87e274

                    SHA1

                    7e3757384b2d5a14569b2b55a574d636f26b72c5

                    SHA256

                    3265d42eed807fe3f2035d927e57245c874441a8cd4351e4eb4c5cac6708f378

                    SHA512

                    c5e6ea9adf1b59f5384bf243d975f40fbf6431c49636b54ee90000bb5c620006361e8b59160f66f038b6837169b7d1b2c9b09a45963c0cd3e2ad2ab0deb55f87

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    d3d0a98e865c2114bd815d56de11b1fc

                    SHA1

                    c53e6d45dd5f05da1911a9bcbabd8b28c59029de

                    SHA256

                    d71a846affa20aa7e16e24dc941fe7a5eb118956d077036469c4aaaa82519f94

                    SHA512

                    7520350434f59ecce12c7b2e0c16489ce970e270637d71d9000bb9671df3438f4915cf5fc5a0154e79c48799f60d884d75e6d295bc4f544a43f06507593af502

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    63b164b2ec5946e1c91e5633b40fd1f2

                    SHA1

                    657f2f1ba3b49d753e7553a86a5395b191a0b3b2

                    SHA256

                    638a030b469af87faa0af3639c58d7c2acffea4e3d5db823eefca9fdc9d8cc90

                    SHA512

                    ef90fbed3997a99991149e850393cfc983e1f2f2d7ff006d26f5973c772c132732a53d9b18381316d7999112430888693aacd773cc7e2d79c85307714fa912aa

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    316e02a2e1a50fb8466f9e24d19efb3a

                    SHA1

                    0506d3932498c6af6f1dba051b483fb848ba017d

                    SHA256

                    ca6d154f5fff270d28e55b0de14c2688c16c6de53e19bd3368c07f7c7b8d41c4

                    SHA512

                    0ab654271370fe26d11b891523954ca3292a63977de596c5bdd111e5edf667b0ffdcd27046cf8aef1de5f0943f6c1caab078fe8c9a98070c3eb48fd40f100090

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    7.8MB

                    MD5

                    697539bf5e069e2627968bfc6bf0d19c

                    SHA1

                    c5c5d8f907610dcd07a46342f25373e8e6d9f529

                    SHA256

                    cacf3e63eba6b9ec78d8b1aca8e5149d78d23e15245fc346047fcf8ed2b3c092

                    SHA512

                    26d3796635526dd51c126f22ed1f236e50991725ba141631fe861899f8c2f808289cf1610617cc94473d9b1d4cae474b0dae56b2555faa4311d0dc498361a0ab

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    184KB

                    MD5

                    fe6c4af7c99fd4a9c3b0b317cd6baa32

                    SHA1

                    da8699455a724e2dd01ec29e2de398224a5a34ab

                    SHA256

                    9ce23a2ce3a129b521649edf57bf943bb76a067d9adc831424b6e6da35391159

                    SHA512

                    3da596b3eefaa9686113eff663b4009c0c87624bfd695dc60950f84caeb6f5ac05588e1974a65bef13529c3a7fd04dd92aa442c3d989535412b193c2fec42a52

                    Download Submit